Craig Pepper
December 4, 2023

Threat Report 04.12.23

Healthcare Facing Unprecedented Cyber Threats

Recent Cybersecurity Incidents Plague American Hospitals in New Jersey and Pennsylvania

Hospitals in New Jersey and Pennsylvania are contending with a wave of cyberattacks that have disrupted their operations. The trend, which increasingly targets healthcare facilities, has most recently produced a network outage at Capital Health, an organisation that operates two hospitals and several smaller healthcare facilities in the region. That announcement follows another attack on Ardent Health Services, a provider managing multiple hospitals in New Jersey, which was forced to divert emergency vehicles.

In response to this digital onslaught, Capital Health reassured the public that patient care, including emergency services, remains a top priority. They've implemented established protocols designed for scenarios of system downtimes. Nevertheless, the incident has led to the rescheduling of certain elective surgeries and outpatient appointments, with expectations of operating under system limitations for the next week. The company's IT team is actively engaged in restoring the network and data systems, collaborating with law enforcement and cybersecurity experts to mitigate the impact.

This cyberattack aligns with an alarming trend where ransomware groups specifically target healthcare facilities, capitalising on their critical need to sustain operations and the increased likelihood of succumbing to ransom demands. This malevolent strategy has gained traction, especially since the onset of the COVID-19 pandemic in 2020, and 2023 has witnessed a noticeable surge in such incidents. This dire situation underscores the immediate necessity for bolstered cybersecurity measures within healthcare institutions to safeguard both patient well-being and data integrity.

Risks:

The pervasive threat of ransomware attacks on healthcare institutions poses severe risks to patient care, data security, and overall operational integrity. These incidents can result in network outages, disruptions to essential services, and the compromise of sensitive patient information.

Recommendations:

Enhanced Cybersecurity Protocols: Implement robust cybersecurity measures, including regular system audits, software updates, and the deployment of advanced intrusion detection systems.

Employee Training: Conduct comprehensive training programs to educate staff on recognizing and mitigating cyber threats. Human error is often a gateway for cybercriminals, and a well-informed team is a crucial line of defence.

Collaboration with Cybersecurity Experts: Foster collaborations with cybersecurity experts and law enforcement agencies to stay abreast of evolving threats and deploy proactive strategies against potential attacks.

Data Backup and Recovery Plans: Establish secure and regularly updated data backup systems to expedite recovery in the event of a cyberattack. This ensures minimal disruption to critical healthcare services.

Public Awareness Campaigns: Educate the public on the potential risks of cyber threats to healthcare institutions and emphasise the importance of vigilance and reporting suspicious activities.

Old Bloomberg Crypto Account Bio Link Used in Discord Phishing Attack

Scammers used an outdated link found in an X (formerly Twitter) account belonging to Bloomberg Crypto to send users to a phishing site designed to steal Discord credentials, BleepingComputer reports.

“As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members,” BleepingComputer says. “According to ZachXBT, Bloomberg previously maintained an older Telegram channel under the username @BloombergNewsCrypto, a detail shared on X/Twitter in August 2023.”

A message on the compromised Telegram channel states, “If you are interested, please head over to our official and only discord server for more information on how to start an application: https://discord[.]gg/bloomberg. Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat.”

The scammers use a typosquatting domain to trick users into handing over their Discord credentials.

“Rather than linking to the legitimate https://altdentifier.com/ address, it presents a link to a deceptive page using an altered domain (altdentifiers[.]com) with an extra 's' at the end of the original domain name,” BleepingComputer says. “The 'Bloomberg Crypto' staff team gives visitors 30 minutes to go to this site and complete the verification process. After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials.”

The link has since been taken down, but users should continue to be on the lookout for cryptocurrency scams.

“The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet,” BleepingComputer writes. “As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers. These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source.”
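The look-alike domain described above (altdentifiers[.]com standing in for altdentifier.com) is the kind of indicator a defender can screen for automatically rather than by eye. The Python below is an added example, not code from the original post or from BleepingComputer: it refangs indicators written in the report's `[.]` notation, reduces each to its registrable domain, and flags any domain that sits within a small edit distance of an allowlisted one. The allowlist, the sample indicators and the two-label domain simplification are assumptions made for the example.

```python
"""Flag look-alike (typosquatted) domains among defanged indicators.

Added example for this report; it is not code from the original post or from
BleepingComputer. The allowlist and sample indicators below are constructed.
"""
import re
from urllib.parse import urlparse

# Constructed allowlist: domains a community legitimately sends users to.
# altdentifier.com is named in the report; discord.gg is Discord's invite host.
LEGITIMATE_DOMAINS = {"altdentifier.com", "discord.gg", "discord.com"}

# Constructed indicators in the "[.]" defanged form used in the report above.
SAMPLE_INDICATORS = [
    "https://discord[.]gg/bloomberg",
    "https://altdentifiers[.]com/verify",
    "hxxps://example[.]org/unrelated",
]


def refang(indicator: str) -> str:
    """Undo common defanging so the indicator can be parsed as a URL."""
    text = indicator.strip()
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":")):
        text = text.replace(defanged, real)
    text = re.sub(r"^hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    if "://" not in text:
        text = "http://" + text   # bare hostnames still need a scheme for urlparse
    return text


def registrable_domain(indicator: str) -> str:
    """Hostname reduced to its last two labels (www.example.com -> example.com).

    Simplification: a real deployment would consult the public suffix list so
    that names under e.g. co.uk are handled correctly.
    """
    host = (urlparse(refang(indicator)).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Edit distance; the inputs are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(indicator: str, allowlist=LEGITIMATE_DOMAINS, max_distance: int = 2) -> dict:
    """Return legitimate / lookalike / unrelated for one indicator.

    A domain is a look-alike when it is not allowlisted but sits within
    max_distance edits of an allowlisted domain (altdentifiers.com is one
    insertion away from altdentifier.com).
    """
    domain = registrable_domain(indicator)
    if domain in allowlist:
        return {"domain": domain, "verdict": "legitimate", "target": domain, "distance": 0}
    target = min(allowlist, key=lambda d: levenshtein(domain, d))
    distance = levenshtein(domain, target)
    if distance <= max_distance:
        return {"domain": domain, "verdict": "lookalike", "target": target, "distance": distance}
    return {"domain": domain, "verdict": "unrelated", "target": None, "distance": distance}


if __name__ == "__main__":
    for ind in SAMPLE_INDICATORS:
        print(ind, "->", classify(ind))
```

Note that the discord[.]gg invite itself classifies as legitimate: as the report explains, the invite host was genuine and the deception lay in the server it led to, so a domain check catches the altdentifiers[.]com step but is no substitute for verifying the server and the staff asking for "verification".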


Okta Reveals Extended Impact of October 2023 Support System Breach

Identity services provider Okta has divulged that it has uncovered "additional threat actor activity" related to the October 2023 breach of its support case management system. In a statement shared with The Hacker News, the company stated, "The threat actor downloaded the names and email addresses of all Okta customer support system users."

The impact of this breach extends to all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers, excluding those in FedRAMP High and DoD IL4 environments, which use a separate, unaffected support system. The Auth0/CIC support case management system was not touched by this incident.

Additionally, the adversary is suspected to have accessed reports containing contact information for all Okta certified users, certain Okta Customer Identity Cloud (CIC) customers, and unspecified Okta employee details. However, Okta emphasised that the compromised data does not include user credentials or sensitive personal information.

While there is no evidence of the stolen information being actively misused, Okta has taken proactive steps to inform all customers of potential phishing and social engineering risks. The company has implemented new security features on its platforms and provided customers with specific recommendations to defend against potential targeted attacks, particularly those directed at Okta administrators.

Okta, working with a digital forensics firm, is actively investigating the breach and plans to notify individuals whose information was downloaded. The revelation comes more than three weeks after Okta initially reported that the breach, which occurred between September 28 and October 17, 2023, affected 1% (134) of its 18,400 customers.

The identity of the threat actors remains unknown, but Scattered Spider, a notorious cybercrime group, targeted Okta in August 2023, executing sophisticated social engineering attacks to obtain elevated administrator permissions. A recent report by ReliaQuest highlighted Scattered Spider's infiltration of a company via Okta single sign-on, demonstrating the group's evolving capabilities as an affiliate for the BlackCat ransomware operation.

ReliaQuest researcher James Xiang emphasised that Scattered Spider's ongoing activities underscore the group's advanced understanding of cloud and on-premises environments, showcasing a high level of skill and sophistication.

Risks:

Unauthorised Access: The breach exposes Okta customer support system user names and email addresses, potentially leading to unauthorised access to user accounts.

Phishing and Social Engineering: Compromised contact information poses a risk of phishing and social engineering attacks, exploiting the acquired data for malicious purposes.

Recommendations:

Customer Notification and Vigilance: Continue notifying affected individuals promptly and advise heightened vigilance against phishing attempts and social engineering attacks.

Enhanced Security Measures: Implement and reinforce robust security features across platforms to fortify defences against potential targeted attacks.

User Education: Educate users on recognizing phishing attempts and social engineering tactics, emphasising the importance of verifying communications and avoiding suspicious links.

Incident Response Preparedness: Enhance incident response protocols to swiftly address and mitigate the impact of future security incidents.

Regular Security Audits: Conduct periodic security audits to identify and rectify vulnerabilities, ensuring a proactive stance against evolving cyber threats.

Google Chrome Faces Active Exploitation: Zero-Day Vulnerability Alert

Google has issued updates addressing seven vulnerabilities in its Chrome browser, one of which is a zero-day currently under active exploitation in the wild. That vulnerability, tracked as CVE-2023-6345, is rated high severity and is an integer overflow bug in Skia, the open-source 2D graphics library.

The discovery and reporting of this flaw are credited to Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG), who flagged the issue on November 24, 2023. Google, in its acknowledgment, noted the existence of an exploit for CVE-2023-6345 in the wild but provided limited details regarding the nature of the attacks and the potentially involved threat actors.

It's noteworthy that Google had previously released patches for a similar integer overflow flaw in the same component (CVE-2023-2136) in April 2023, which had also been actively exploited as a zero-day. This raises concerns that CVE-2023-6345 could potentially serve as a patch bypass for the earlier vulnerability.

Counting CVE-2023-6345, Google has now addressed seven actively exploited zero-day vulnerabilities in Chrome in 2023; the six earlier ones are as follows:

CVE-2023-2033 (CVSS score: 8.8) - Type confusion in V8

CVE-2023-2136 (CVSS score: 9.6) - Integer overflow in Skia

CVE-2023-3079 (CVSS score: 8.8) - Type confusion in V8

CVE-2023-4762 (CVSS score: 8.8) - Type confusion in V8

CVE-2023-4863 (CVSS score: 8.8) - Heap buffer overflow in WebP

CVE-2023-5217 (CVSS score: 8.8) - Heap buffer overflow in vp8 encoding in libvpx

To mitigate potential threats, users are strongly advised to upgrade to Chrome version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux. Furthermore, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to apply the fixes promptly as they become available.
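For an organisation rather than a single user, "update promptly" means confirming that every managed install is at or above the fixed build. The Python below is an added example, not code from the original post or from Google: it compares inventoried Chrome versions against the minimum fixed builds the report gives for each platform, treating versions as integer tuples so that, for example, build .99 is not ranked above .199. The host inventory is constructed; the platform keys and inventory field names are assumptions for the example.

```python
"""Check an inventory of Chrome installs against the fixed builds in the report.

Added example, not code from the original post or from Google. The host
inventory is constructed; the minimum fixed versions are the ones the report gives.
"""

# Earliest fixed build per platform, as stated in the report above. Any build
# at or above this (for example the Windows 119.0.6045.200 build) is patched.
FIXED_VERSIONS = {
    "windows": "119.0.6045.199",
    "macos": "119.0.6045.199",
    "linux": "119.0.6045.199",
}

# Constructed inventory, as might be exported from an endpoint management tool.
SAMPLE_INVENTORY = [
    {"host": "ws-01", "platform": "windows", "chrome": "119.0.6045.200"},
    {"host": "ws-02", "platform": "windows", "chrome": "119.0.6045.159"},
    {"host": "mac-01", "platform": "macOS", "chrome": "119.0.6045.199"},
    {"host": "lx-01", "platform": "linux", "chrome": "118.0.5993.117"},
]


def parse_version(version: str) -> tuple:
    """Chrome versions are four dotted integers; compare them as a tuple, not as
    text (string comparison would rank 119.0.6045.99 above 119.0.6045.199)."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str, platform: str) -> bool:
    """True when the installed build is at or above the fixed build for that platform."""
    key = platform.strip().lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(version) >= parse_version(FIXED_VERSIONS[key])


def unpatched_hosts(inventory) -> list:
    """Hostnames that still need the update, in inventory order."""
    return [h["host"] for h in inventory if not is_patched(h["chrome"], h["platform"])]


if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Chrome update required (CVE-2023-6345 unpatched)")
```

The same check applies to Chromium-based browsers once their vendors ship the fix, with the fixed-version table replaced by each vendor's own build numbers.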

This rapid response from Google emphasises the critical role of promptly updating browsers to ensure a secure online experience and protect against evolving cyber threats.

Risks:

Active Exploitation: The zero-day vulnerability (CVE-2023-6345) is actively exploited in the wild, posing a risk of unauthorised access and potential compromise of user data.

Potential Patch Bypass: Given the history of a similar vulnerability (CVE-2023-2136), there is a concern that the newly discovered CVE-2023-6345 could serve as a patch bypass for the earlier issue.

Recommendations:

Immediate Browser Update: Users should promptly update their Google Chrome browser to version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux to mitigate the identified vulnerabilities.

Regular Browser Updates: Maintain a proactive approach by regularly updating browsers to the latest versions to address emerging security vulnerabilities.

Cross-Browser Vigilance: Users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should apply security fixes promptly as they become available to ensure comprehensive protection against potential threats.

Security Awareness: Educate users on the importance of timely browser updates and the role they play in maintaining a secure online environment.
